A wireless sensor network (WSN) includes a plurality of tiny, distributed, low-power and low-complexity sensor nodes to work collaboratively to monitor the physical environment information, such as, temperature, humidity, vibration, luminance, pressure, gas, density, and so on. Multimedia data, such as video or audio data, may also be collected and transmitted by WSN. The collected data are mainly for detecting certain events or triggering other actions. WSN may be applied to building structure detection, earthquake activity detection, security surveillance, forest fire and battlefield monitoring.
FIG. 1 shows an exemplary schematic view of the structure of a WSN. Referring to FIG. 1, a WSN 105 is formed by a plurality of sensor nodes, such as sensor node 131, and each sensor node transmits the sensing data to a base station (BS) 110 in a multi-hop manner. BS 110 collects sensing data and uses Internet 114 to transmit to a server 116. The server may be, such as, a web server. A user, such as, user 118, 120, may remotely login through Internet 114 to server 116. After server 116 authenticates the identity and access rights of the user, the user may access the sensing data of the sensor nodes in WSN 110 according to the user's respective access rights.
In the WSN application, the collection of sensing data is usually executed by transmitting sensing data periodically to the BS or through other specific process to gather and transmit back to the BS. The back-end server then analyzes and process sensing data for the users to access. As the multimedia data is usually much more in quantity than the general sensing data, and the WSN is limited by communication capability and low-power sensing nodes, this type of data collection is usually collected on demand; that is, when the collection is triggered when the user issues the demand. Also, the collection of multimedia data often involves the privacy issue.
For example, when the WSN is applied to security surveillance, the user usually expects the security guard is able to capture the intruder by watching the video when an intrusion occurs, while also expects to shield the privacy fields from the security guard. If the WSN continuously reports the sensing data through the BS to the server, the server may determine, based on the sensing information, whether a specific event has occurred, and then activate the access authority of the guard or specific user to access the video data. In other words, the user's access authorization comes from the information provided by reliable elements, and the determination of access authorization is also accomplished in a trusted and secured environment element isolated from attack, such as, secured core, reliable computing base or secured computing device. Hence, the physical sabotage or attack is excluded from the assumption.
However, this approach may accelerate the power consumption of the BS's neighboring nodes because of continuously routing packets. Therefore, a key technology of WSN is in designing a safe access control suitable for the WSN to allow different access privileges for different users and grant some users with immediate access privilege for multimedia data in case of emergency.
Taiwan Patent Publication No. 200614767 of FIG. 2 discloses a data authorization method, applicable to the authorization operation for sharing data between two mobile devices. As shown in the exemplary flowchart of FIG. 2, mobile device A transmits a shared packet to mobile device B. The packet contains shared data and corresponding data rule. Based on initial data rule and environment sensing data, mobile device B determines whether having the access privilege to the shared data in the packet. In other words, the first mobile device transmits the data to be shared to the second mobile device, and the second mobile device decides whether it has the access privilege to read the shared data, where the environment sensing information of the decision on the access authorization rule does not include any physical environment information.
U.S. Pat. No. 7,447,494 in FIG. 3 discloses a secure wireless authorization system, applicable to two devices using a server remotely for access authorization authentication so that a remote third party entity may access another remote user device. As shown in the exemplary embodiment of FIG. 3, a user 310 uses a secure manner to login to an authorization server 312 and stays connected. Then, a remote third party entity 320 issues an authorization request. Authorization server 312, after authenticating the related information of authorization request, agrees to allow the remote third party entity to execute the process. That is, the access authorization authentication is completely executed by authorization server 312.